by mnau
816 days ago
Even simple regexes can be problematic, e.g. the GitLab RCE bug through ExifTool: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execu...

> "a\
> ""

> The second quote was not escaped because in the regex $tok =~ /(\\+)$/ the $ will match the end of a string, but also match before a newline at the end of a string, so the code thinks that the quote is being escaped when it's escaping the newline.
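
The anchor behaviour described in the quoted passage, as an added example that is not part of the original comment and is not ExifTool's code. Python's `$` follows the same end-of-string rule as Perl's (it also matches before a trailing newline), and Python's `\Z` corresponds to Perl's `\z`; the function names, the odd-backslash rule and the sample tokens are assumptions constructed for illustration.

```python
import re

# Pattern quoted in the comment: a run of backslashes followed by `$`.
# Without re.MULTILINE, Python's `$` (like Perl's) matches at the end of the
# string and also just before one trailing newline.
LOOSE = re.compile(r"(\\+)$")
# Python's `\Z` (Perl: `\z`) matches only at the true end of the string.
STRICT = re.compile(r"(\\+)\Z")

# Constructed sample tokens: the text a tokenizer has read up to a quote.
SAMPLES = [
    "a",          # no backslash
    "a\\",        # one backslash directly before the quote
    "a\\\\",      # two backslashes: an escaped backslash, quote not escaped
    "a\\\n",      # backslash, then newline, then the quote
    "a\\\n\n",    # backslash followed by two newlines
]

def quote_is_escaped(tok, pattern):
    """Assumed rule: the quote is escaped when the token ends in an odd
    number of backslashes, as located by `pattern`."""
    m = pattern.search(tok)
    return m is not None and len(m.group(1)) % 2 == 1

def anchor_disagreements(tokens):
    """Return the tokens on which the `$` and `\\Z` versions disagree."""
    return [t for t in tokens
            if quote_is_escaped(t, LOOSE) != quote_is_escaped(t, STRICT)]

if __name__ == "__main__":
    for tok in SAMPLES:
        print(f"{tok!r:12} $ -> {quote_is_escaped(tok, LOOSE)!s:5} "
              f"\\Z -> {quote_is_escaped(tok, STRICT)}")
    print("disagree:", anchor_disagreements(SAMPLES))
```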